diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 03f9a175301..83eb2881717 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -40874,6 +40874,8 @@ components: type: integer type: $ref: '#/components/schemas/ObservabilityPipelineBufferOptionsMemoryType' + when_full: + $ref: '#/components/schemas/ObservabilityPipelineBufferOptionsWhenFull' type: object ObservabilityPipelineMemoryBufferSizeOptions: description: Options for configuring a memory buffer by queue length. @@ -40885,6 +40887,8 @@ components: type: integer type: $ref: '#/components/schemas/ObservabilityPipelineBufferOptionsMemoryType' + when_full: + $ref: '#/components/schemas/ObservabilityPipelineBufferOptionsWhenFull' type: object ObservabilityPipelineMetadataEntry: description: A custom metadata entry. @@ -53476,6 +53480,8 @@ components: $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration' detectionTolerance: $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance' + instantaneousBaseline: + $ref: '#/components/schemas/SecurityMonitoringRuleInstantaneousBaseline' learningDuration: $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration' learningPeriodBaseline: @@ -53813,6 +53819,13 @@ components: or credentialed API access.' example: true type: boolean + SecurityMonitoringRuleInstantaneousBaseline: + description: When set to true, Datadog uses previous values that fall within + the defined learning window to construct the baseline, enabling the system + to establish an accurate baseline more rapidly rather than relying solely + on gradual learning over time. + example: false + type: boolean SecurityMonitoringRuleKeepAlive: description: 'Once a signal is generated, the signal will remain "open" if a case is matched at least once within @@ -53886,7 +53899,7 @@ components: forgetAfter: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsForgetAfter' instantaneousBaseline: - $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline' + $ref: '#/components/schemas/SecurityMonitoringRuleInstantaneousBaseline' learningDuration: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningDuration' learningMethod: @@ -53912,13 +53925,6 @@ components: - TWO_WEEKS - THREE_WEEKS - FOUR_WEEKS - SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline: - description: When set to true, Datadog uses previous values that fall within - the defined learning window to construct the baseline, enabling the system - to establish an accurate baseline more rapidly rather than relying solely - on gradual learning over time. - example: false - type: boolean SecurityMonitoringRuleNewValueOptionsLearningDuration: default: 0 description: 'The duration in days during which values are learned, and after diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_3355193622.java b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_3355193622.java new file mode 100644 index 00000000000..7602db62305 --- /dev/null +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_3355193622.java @@ -0,0 +1,87 @@ +// Create a detection rule with detection method 'anomaly_detection' with enabled feature +// 'instantaneousBaseline' returns +// "OK" response + +import com.datadog.api.client.ApiClient; +import com.datadog.api.client.ApiException; +import com.datadog.api.client.v2.api.SecurityMonitoringApi; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleAnomalyDetectionOptions; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseCreate; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleCreatePayload; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleDetectionMethod; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleEvaluationWindow; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleKeepAlive; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleMaxSignalDuration; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleOptions; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleQueryAggregation; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleResponse; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleSeverity; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleTypeCreate; +import com.datadog.api.client.v2.model.SecurityMonitoringStandardDataSource; +import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleCreatePayload; +import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleQuery; +import java.util.Arrays; +import java.util.Collections; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = ApiClient.getDefaultApiClient(); + SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); + + SecurityMonitoringRuleCreatePayload body = + new SecurityMonitoringRuleCreatePayload( + new SecurityMonitoringStandardRuleCreatePayload() + .name("Example-Security-Monitoring") + .type(SecurityMonitoringRuleTypeCreate.LOG_DETECTION) + .isEnabled(true) + .queries( + Collections.singletonList( + new SecurityMonitoringStandardRuleQuery() + .aggregation(SecurityMonitoringRuleQueryAggregation.COUNT) + .dataSource(SecurityMonitoringStandardDataSource.LOGS) + .groupByFields(Arrays.asList("@usr.email", "@network.client.ip")) + .hasOptionalGroupByFields(false) + .name("") + .query("service:app status:error"))) + .cases( + Collections.singletonList( + new SecurityMonitoringRuleCaseCreate() + .name("") + .status(SecurityMonitoringRuleSeverity.INFO) + .condition("a > 0.995"))) + .message("An anomaly detection rule") + .options( + new SecurityMonitoringRuleOptions() + .detectionMethod(SecurityMonitoringRuleDetectionMethod.ANOMALY_DETECTION) + .evaluationWindow(SecurityMonitoringRuleEvaluationWindow.FIFTEEN_MINUTES) + .keepAlive(SecurityMonitoringRuleKeepAlive.ONE_HOUR) + .maxSignalDuration(SecurityMonitoringRuleMaxSignalDuration.ONE_DAY) + .anomalyDetectionOptions( + new SecurityMonitoringRuleAnomalyDetectionOptions() + .bucketDuration( + SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration + .FIVE_MINUTES) + .learningDuration( + SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration + .ONE_DAY) + .detectionTolerance( + SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance + .THREE) + .instantaneousBaseline(true)))); + + try { + SecurityMonitoringRuleResponse result = apiInstance.createSecurityMonitoringRule(body); + System.out.println(result); + } catch (ApiException e) { + System.err.println( + "Exception when calling SecurityMonitoringApi#createSecurityMonitoringRule"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/ObservabilityPipelineMemoryBufferOptions.java b/src/main/java/com/datadog/api/client/v2/model/ObservabilityPipelineMemoryBufferOptions.java index f78d253a091..2eb6c01f571 100644 --- a/src/main/java/com/datadog/api/client/v2/model/ObservabilityPipelineMemoryBufferOptions.java +++ b/src/main/java/com/datadog/api/client/v2/model/ObservabilityPipelineMemoryBufferOptions.java @@ -19,7 +19,8 @@ /** Options for configuring a memory buffer by byte size. */ @JsonPropertyOrder({ ObservabilityPipelineMemoryBufferOptions.JSON_PROPERTY_MAX_SIZE, - ObservabilityPipelineMemoryBufferOptions.JSON_PROPERTY_TYPE + ObservabilityPipelineMemoryBufferOptions.JSON_PROPERTY_TYPE, + ObservabilityPipelineMemoryBufferOptions.JSON_PROPERTY_WHEN_FULL }) @jakarta.annotation.Generated( value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") @@ -32,6 +33,10 @@ public class ObservabilityPipelineMemoryBufferOptions { private ObservabilityPipelineBufferOptionsMemoryType type = ObservabilityPipelineBufferOptionsMemoryType.MEMORY; + public static final String JSON_PROPERTY_WHEN_FULL = "when_full"; + private ObservabilityPipelineBufferOptionsWhenFull whenFull = + ObservabilityPipelineBufferOptionsWhenFull.BLOCK; + public ObservabilityPipelineMemoryBufferOptions maxSize(Long maxSize) { this.maxSize = maxSize; return this; @@ -79,6 +84,32 @@ public void setType(ObservabilityPipelineBufferOptionsMemoryType type) { this.type = type; } + public ObservabilityPipelineMemoryBufferOptions whenFull( + ObservabilityPipelineBufferOptionsWhenFull whenFull) { + this.whenFull = whenFull; + this.unparsed |= !whenFull.isValid(); + return this; + } + + /** + * Behavior when the buffer is full (block and stop accepting new events, or drop new events) + * + * @return whenFull + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_WHEN_FULL) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public ObservabilityPipelineBufferOptionsWhenFull getWhenFull() { + return whenFull; + } + + public void setWhenFull(ObservabilityPipelineBufferOptionsWhenFull whenFull) { + if (!whenFull.isValid()) { + this.unparsed = true; + } + this.whenFull = whenFull; + } + /** * A container for additional, undeclared properties. This is a holder for any undeclared * properties as specified with the 'additionalProperties' keyword in the OAS document. @@ -138,6 +169,7 @@ public boolean equals(Object o) { (ObservabilityPipelineMemoryBufferOptions) o; return Objects.equals(this.maxSize, observabilityPipelineMemoryBufferOptions.maxSize) && Objects.equals(this.type, observabilityPipelineMemoryBufferOptions.type) + && Objects.equals(this.whenFull, observabilityPipelineMemoryBufferOptions.whenFull) && Objects.equals( this.additionalProperties, observabilityPipelineMemoryBufferOptions.additionalProperties); @@ -145,7 +177,7 @@ public boolean equals(Object o) { @Override public int hashCode() { - return Objects.hash(maxSize, type, additionalProperties); + return Objects.hash(maxSize, type, whenFull, additionalProperties); } @Override @@ -154,6 +186,7 @@ public String toString() { sb.append("class ObservabilityPipelineMemoryBufferOptions {\n"); sb.append(" maxSize: ").append(toIndentedString(maxSize)).append("\n"); sb.append(" type: ").append(toIndentedString(type)).append("\n"); + sb.append(" whenFull: ").append(toIndentedString(whenFull)).append("\n"); sb.append(" additionalProperties: ") .append(toIndentedString(additionalProperties)) .append("\n"); diff --git a/src/main/java/com/datadog/api/client/v2/model/ObservabilityPipelineMemoryBufferSizeOptions.java b/src/main/java/com/datadog/api/client/v2/model/ObservabilityPipelineMemoryBufferSizeOptions.java index 22dc94686e2..390278052cf 100644 --- a/src/main/java/com/datadog/api/client/v2/model/ObservabilityPipelineMemoryBufferSizeOptions.java +++ b/src/main/java/com/datadog/api/client/v2/model/ObservabilityPipelineMemoryBufferSizeOptions.java @@ -19,7 +19,8 @@ /** Options for configuring a memory buffer by queue length. */ @JsonPropertyOrder({ ObservabilityPipelineMemoryBufferSizeOptions.JSON_PROPERTY_MAX_EVENTS, - ObservabilityPipelineMemoryBufferSizeOptions.JSON_PROPERTY_TYPE + ObservabilityPipelineMemoryBufferSizeOptions.JSON_PROPERTY_TYPE, + ObservabilityPipelineMemoryBufferSizeOptions.JSON_PROPERTY_WHEN_FULL }) @jakarta.annotation.Generated( value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") @@ -32,6 +33,10 @@ public class ObservabilityPipelineMemoryBufferSizeOptions { private ObservabilityPipelineBufferOptionsMemoryType type = ObservabilityPipelineBufferOptionsMemoryType.MEMORY; + public static final String JSON_PROPERTY_WHEN_FULL = "when_full"; + private ObservabilityPipelineBufferOptionsWhenFull whenFull = + ObservabilityPipelineBufferOptionsWhenFull.BLOCK; + public ObservabilityPipelineMemoryBufferSizeOptions maxEvents(Long maxEvents) { this.maxEvents = maxEvents; return this; @@ -79,6 +84,32 @@ public void setType(ObservabilityPipelineBufferOptionsMemoryType type) { this.type = type; } + public ObservabilityPipelineMemoryBufferSizeOptions whenFull( + ObservabilityPipelineBufferOptionsWhenFull whenFull) { + this.whenFull = whenFull; + this.unparsed |= !whenFull.isValid(); + return this; + } + + /** + * Behavior when the buffer is full (block and stop accepting new events, or drop new events) + * + * @return whenFull + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_WHEN_FULL) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public ObservabilityPipelineBufferOptionsWhenFull getWhenFull() { + return whenFull; + } + + public void setWhenFull(ObservabilityPipelineBufferOptionsWhenFull whenFull) { + if (!whenFull.isValid()) { + this.unparsed = true; + } + this.whenFull = whenFull; + } + /** * A container for additional, undeclared properties. This is a holder for any undeclared * properties as specified with the 'additionalProperties' keyword in the OAS document. @@ -139,6 +170,7 @@ public boolean equals(Object o) { (ObservabilityPipelineMemoryBufferSizeOptions) o; return Objects.equals(this.maxEvents, observabilityPipelineMemoryBufferSizeOptions.maxEvents) && Objects.equals(this.type, observabilityPipelineMemoryBufferSizeOptions.type) + && Objects.equals(this.whenFull, observabilityPipelineMemoryBufferSizeOptions.whenFull) && Objects.equals( this.additionalProperties, observabilityPipelineMemoryBufferSizeOptions.additionalProperties); @@ -146,7 +178,7 @@ public boolean equals(Object o) { @Override public int hashCode() { - return Objects.hash(maxEvents, type, additionalProperties); + return Objects.hash(maxEvents, type, whenFull, additionalProperties); } @Override @@ -155,6 +187,7 @@ public String toString() { sb.append("class ObservabilityPipelineMemoryBufferSizeOptions {\n"); sb.append(" maxEvents: ").append(toIndentedString(maxEvents)).append("\n"); sb.append(" type: ").append(toIndentedString(type)).append("\n"); + sb.append(" whenFull: ").append(toIndentedString(whenFull)).append("\n"); sb.append(" additionalProperties: ") .append(toIndentedString(additionalProperties)) .append("\n"); diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleAnomalyDetectionOptions.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleAnomalyDetectionOptions.java index 61e54ac7a78..fc4073011bc 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleAnomalyDetectionOptions.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleAnomalyDetectionOptions.java @@ -20,6 +20,7 @@ @JsonPropertyOrder({ SecurityMonitoringRuleAnomalyDetectionOptions.JSON_PROPERTY_BUCKET_DURATION, SecurityMonitoringRuleAnomalyDetectionOptions.JSON_PROPERTY_DETECTION_TOLERANCE, + SecurityMonitoringRuleAnomalyDetectionOptions.JSON_PROPERTY_INSTANTANEOUS_BASELINE, SecurityMonitoringRuleAnomalyDetectionOptions.JSON_PROPERTY_LEARNING_DURATION, SecurityMonitoringRuleAnomalyDetectionOptions.JSON_PROPERTY_LEARNING_PERIOD_BASELINE }) @@ -33,6 +34,9 @@ public class SecurityMonitoringRuleAnomalyDetectionOptions { public static final String JSON_PROPERTY_DETECTION_TOLERANCE = "detectionTolerance"; private SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance detectionTolerance; + public static final String JSON_PROPERTY_INSTANTANEOUS_BASELINE = "instantaneousBaseline"; + private Boolean instantaneousBaseline; + public static final String JSON_PROPERTY_LEARNING_DURATION = "learningDuration"; private SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration learningDuration; @@ -95,6 +99,30 @@ public void setDetectionTolerance( this.detectionTolerance = detectionTolerance; } + public SecurityMonitoringRuleAnomalyDetectionOptions instantaneousBaseline( + Boolean instantaneousBaseline) { + this.instantaneousBaseline = instantaneousBaseline; + return this; + } + + /** + * When set to true, Datadog uses previous values that fall within the defined learning window to + * construct the baseline, enabling the system to establish an accurate baseline more rapidly + * rather than relying solely on gradual learning over time. + * + * @return instantaneousBaseline + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_INSTANTANEOUS_BASELINE) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public Boolean getInstantaneousBaseline() { + return instantaneousBaseline; + } + + public void setInstantaneousBaseline(Boolean instantaneousBaseline) { + this.instantaneousBaseline = instantaneousBaseline; + } + public SecurityMonitoringRuleAnomalyDetectionOptions learningDuration( SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration learningDuration) { this.learningDuration = learningDuration; @@ -209,6 +237,9 @@ public boolean equals(Object o) { && Objects.equals( this.detectionTolerance, securityMonitoringRuleAnomalyDetectionOptions.detectionTolerance) + && Objects.equals( + this.instantaneousBaseline, + securityMonitoringRuleAnomalyDetectionOptions.instantaneousBaseline) && Objects.equals( this.learningDuration, securityMonitoringRuleAnomalyDetectionOptions.learningDuration) && Objects.equals( @@ -224,6 +255,7 @@ public int hashCode() { return Objects.hash( bucketDuration, detectionTolerance, + instantaneousBaseline, learningDuration, learningPeriodBaseline, additionalProperties); @@ -235,6 +267,9 @@ public String toString() { sb.append("class SecurityMonitoringRuleAnomalyDetectionOptions {\n"); sb.append(" bucketDuration: ").append(toIndentedString(bucketDuration)).append("\n"); sb.append(" detectionTolerance: ").append(toIndentedString(detectionTolerance)).append("\n"); + sb.append(" instantaneousBaseline: ") + .append(toIndentedString(instantaneousBaseline)) + .append("\n"); sb.append(" learningDuration: ").append(toIndentedString(learningDuration)).append("\n"); sb.append(" learningPeriodBaseline: ") .append(toIndentedString(learningPeriodBaseline)) diff --git a/src/test/resources/cassettes/features/v2/Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBaseline_returns_OK_response.freeze b/src/test/resources/cassettes/features/v2/Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBaseline_returns_OK_response.freeze new file mode 100644 index 00000000000..79c8c047451 --- /dev/null +++ b/src/test/resources/cassettes/features/v2/Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBaseline_returns_OK_response.freeze @@ -0,0 +1 @@ +2026-02-10T14:48:33.727Z \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBaseline_returns_OK_response.json b/src/test/resources/cassettes/features/v2/Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBaseline_returns_OK_response.json new file mode 100644 index 00000000000..065c2695e9b --- /dev/null +++ b/src/test/resources/cassettes/features/v2/Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBaseline_returns_OK_response.json @@ -0,0 +1,53 @@ +[ + { + "httpRequest": { + "body": { + "type": "JSON", + "json": "{\"cases\":[{\"condition\":\"a > 0.995\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"filters\":[],\"isEnabled\":true,\"message\":\"An anomaly detection rule\",\"name\":\"Test-Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBa-1770734913\",\"options\":{\"anomalyDetectionOptions\":{\"bucketDuration\":300,\"detectionTolerance\":3,\"instantaneousBaseline\":true,\"learningDuration\":24},\"detectionMethod\":\"anomaly_detection\",\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"dataSource\":\"logs\",\"distinctFields\":[],\"groupByFields\":[\"@usr.email\",\"@network.client.ip\"],\"hasOptionalGroupByFields\":false,\"name\":\"\",\"query\":\"service:app status:error\"}],\"tags\":[],\"type\":\"log_detection\"}" + }, + "headers": {}, + "method": "POST", + "path": "/api/v2/security_monitoring/rules", + "keepAlive": false, + "secure": true + }, + "httpResponse": { + "body": "{\"name\":\"Test-Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBa-1770734913\",\"createdAt\":1770734914087,\"isDefault\":false,\"isPartner\":false,\"isEnabled\":true,\"isBeta\":false,\"isDeleted\":false,\"isDeprecated\":false,\"queries\":[{\"query\":\"service:app status:error\",\"groupByFields\":[\"@usr.email\",\"@network.client.ip\"],\"hasOptionalGroupByFields\":false,\"distinctFields\":[],\"aggregation\":\"count\",\"name\":\"\",\"dataSource\":\"logs\"}],\"options\":{\"evaluationWindow\":1800,\"detectionMethod\":\"anomaly_detection\",\"maxSignalDuration\":86400,\"keepAlive\":3600,\"anomalyDetectionOptions\":{\"bucketDuration\":300,\"learningDuration\":24,\"detectionTolerance\":3,\"instantaneousBaseline\":true,\"instantaneousBaselineTimeoutMinutes\":30}},\"cases\":[{\"name\":\"\",\"status\":\"info\",\"notifications\":[],\"condition\":\"a \\u003e 0.995\"}],\"message\":\"An anomaly detection rule\",\"tags\":[],\"hasExtendedTitle\":false,\"type\":\"log_detection\",\"filters\":[],\"version\":1,\"id\":\"mtt-vs9-dyl\",\"blocking\":false,\"metadata\":{\"entities\":null,\"sources\":null},\"creationAuthorId\":1445416,\"creator\":{\"handle\":\"frog@datadoghq.com\",\"name\":\"frog\"},\"updater\":{\"handle\":\"\",\"name\":\"\"}}", + "headers": { + "Content-Type": [ + "application/json" + ] + }, + "statusCode": 200, + "reasonPhrase": "OK" + }, + "times": { + "remainingTimes": 1 + }, + "timeToLive": { + "unlimited": true + }, + "id": "0481e682-4f99-15d0-d8b3-bf9ea1f6d724" + }, + { + "httpRequest": { + "headers": {}, + "method": "DELETE", + "path": "/api/v2/security_monitoring/rules/mtt-vs9-dyl", + "keepAlive": false, + "secure": true + }, + "httpResponse": { + "headers": {}, + "statusCode": 204, + "reasonPhrase": "No Content" + }, + "times": { + "remainingTimes": 1 + }, + "timeToLive": { + "unlimited": true + }, + "id": "558eee7f-d626-bf27-70ee-c8e5ee4a3d7a" + } +] \ No newline at end of file diff --git a/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature b/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature index df5e32bcc4d..5695a7ea4a5 100644 --- a/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature +++ b/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature @@ -456,6 +456,17 @@ Feature: Security Monitoring And the response "options.anomalyDetectionOptions.learningPeriodBaseline" is equal to 10 And the response "options.anomalyDetectionOptions.detectionTolerance" is equal to 3 + @team:DataDog/k9-cloud-security-platform + Scenario: Create a detection rule with detection method 'anomaly_detection' with enabled feature 'instantaneousBaseline' returns "OK" response + Given new "CreateSecurityMonitoringRule" request + And body with value {"name":"{{ unique }}","type":"log_detection","isEnabled":true,"queries":[{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":["@usr.email","@network.client.ip"],"hasOptionalGroupByFields":false,"name":"","query":"service:app status:error"}],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0.995"}],"message":"An anomaly detection rule","options":{"detectionMethod":"anomaly_detection","evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400,"anomalyDetectionOptions":{"bucketDuration":300,"learningDuration":24,"detectionTolerance":3,"instantaneousBaseline":true}},"tags":[],"filters":[]} + When the request is sent + Then the response status is 200 OK + And the response "name" is equal to "{{ unique }}" + And the response "type" is equal to "log_detection" + And the response "options.detectionMethod" is equal to "anomaly_detection" + And the response "options.anomalyDetectionOptions.instantaneousBaseline" is equal to true + @team:DataDog/k9-cloud-security-platform Scenario: Create a detection rule with detection method 'sequence_detection' returns "OK" response Given new "CreateSecurityMonitoringRule" request